Posts Tagged ‘google’

Files, directories, and devices that are writable by any user (“world-writable”) on a multi-user system can be dangerous locally exploitable security holes. There are very few legitimate reasons for having world-writable files and directories on a system.

Many UNIX and Linux systems actually have cron jobs that check for world-writable files. On Apple’s OS X there is no such safeguard and many vendors do not seem to care about file permissions much at all. Several well-known applications are either installed with world-writable files or create them when used: